HWRF
trunk@4391
|
This is a python class intended to be used to automate restricting data to a specific restriction class using access control lists or group ownership. More...
This is a python class intended to be used to automate restricting data to a specific restriction class using access control lists or group ownership.
Example:
It can also set the Default Access Control List if supplied a directory:
Definition at line 61 of file rstprod.py.
Public Member Functions | |
def | __init__ |
Create a new RestrictionClass object for the specified group. More... | |
def | groupname (self) |
The name of the group used for the restriction class. | |
def | groupid (self) |
The numeric ID of the group used for the restriction class. | |
def | use_acl (self) |
True if ACLs are used for access permission, False if setgid and chgrp are used. More... | |
def | acl_for (self, st_mode) |
Returns an produtil.acl.ACL object for the specified access mode. More... | |
def | restrict_file |
Adds the requested restrictions to the specified file or directory. More... | |
def | restrict_fd |
Protected Member Functions | |
def | make_acl_dict (self) |
Internal function that generates the ACL dictionary. More... | |
def | chgrp_restrict (self, target, st_mode, chown, chmod, logger) |
Internal function that uses chgrp to restrict a file's access. More... | |
def | acl_restrict_file (self, target, st_mode, set_acl, logger) |
Internal function that restricts files using ACLs. More... | |
def produtil.rstprod.RestrictionClass.__init__ | ( | self, | |
group, | |||
use_acl = None , |
|||
logger = None |
|||
) |
Create a new RestrictionClass object for the specified group.
group | The group may be the string group name, or the numeric group id. |
use_acl | If use_acl is unspecified, then produtil.cluster.use_acl_for_rstdata() is used to decide. |
logger | a logging.Logger for log messages |
Definition at line 76 of file rstprod.py.
def produtil.rstprod.RestrictionClass.acl_for | ( | self, | |
st_mode | |||
) |
Returns an produtil.acl.ACL object for the specified access mode.
Will raise an exception if self.use_acl is False.
st_mode | desired access mode |
Definition at line 171 of file rstprod.py.
Referenced by produtil.rstprod.RestrictionClass.restrict_fd(), and produtil.rstprod.RestrictionClass.restrict_file().
|
protected |
Internal function that restricts files using ACLs.
This is an internal implementation function that should not be called directly. It handles the ACL case of restrict_file.
target | the target file |
st_mode | the desired access |
set_acl | the acl-setting function |
logger | a logging.Logger for log messages |
Definition at line 206 of file rstprod.py.
Referenced by produtil.rstprod.RestrictionClass.restrict_file().
|
protected |
Internal function that uses chgrp to restrict a file's access.
This is an internal implementation function that should not be called directly. It handles the non-ACL (chgrp+setgid) case of restrict_file and restrict_gid.
target | the target file |
st_mode | the desired mode |
chown | chowning function |
chmod | chmodding function |
logger | a logging.Logger for log messages |
Definition at line 179 of file rstprod.py.
Referenced by produtil.rstprod.RestrictionClass.restrict_fd(), and produtil.rstprod.RestrictionClass.restrict_file().
|
protected |
Internal function that generates the ACL dictionary.
This is part of the internal implementation of RestrictionClass and should not be used directly. It returns a dict() that maps from integer permission to an ACL object that will set an access control list appropriate for that permission. The user and restriction group will match the old user and group permissions, but other groups will have no permissions, and the "world" permissions will be 0.
Definition at line 132 of file rstprod.py.
Referenced by produtil.rstprod.RestrictionClass.__init__().
def produtil.rstprod.RestrictionClass.restrict_fd | ( | self, | |
fd, | |||
st_mode = None , |
|||
logger = None |
|||
) |
Adds the requested restrictions to an opened file. This routine needs to stat the opened file to get the stat.st_mode. @param st_mode To avoid a stat call, send st_mode into the optional argument. @param fd the target file descriptor @param logger a logging.Logger for log messages
Definition at line 247 of file rstprod.py.
def produtil.rstprod.RestrictionClass.restrict_file | ( | self, | |
filename, | |||
st_mode = None , |
|||
logger = None |
|||
) |
Adds the requested restrictions to the specified file or directory.
This routine needs to stat the opened file to get the stat.st_mode.
st_mode | To avoid a stat call, send st_mode into the optional argument. |
filename | the target file |
logger | a logging.Logger for log messages |
Definition at line 228 of file rstprod.py.
def produtil.rstprod.RestrictionClass.use_acl | ( | self | ) |
True if ACLs are used for access permission, False if setgid and chgrp are used.
Definition at line 166 of file rstprod.py.